Critical DoS Vulnerabilities in python-ujson Affect Fedora Users

Critical DoS Vulnerabilities in python-ujson Affect Fedora Users

First seen 22 Mar 2026, 05:58 UTC Linuxsecurity 98% similarity 72.8

Article Content

Browse articles
ThreatCluster

On March 20, 2026, two critical vulnerabilities (CVE-2026-32875 and CVE-2026-32874) were published affecting the python-ujson library, which is widely used for JSON encoding and decoding in Python applications. These vulnerabilities can lead to denial of service (DoS) attacks through a buffer overflow and infinite loop caused by large indent parameters during JSON serialization. Users of Fedora 42 and 43 are particularly affected, with updates released to address these issues. The vulnerabilities were reported to be exploitable, making it essential for users to apply the latest updates. The updates include version 5.12.0 of python-ujson, which fixes the identified issues. Users are advised to upgrade using the 'dnf' package manager to mitigate the risks associated with these vulnerabilities. The current status is that the vulnerabilities are patched, but users must ensure they have updated their systems.

Key Points: • CVE-2026-32875 and CVE-2026-32874 are critical DoS vulnerabilities in python-ujson. • Affected systems include Fedora 42 and 43, requiring immediate updates. • Users should upgrade to python-ujson version 5.12.0 to mitigate risks.

ThreatCluster AI

Timeline

2026-03-12
Update to python-ujson 5.12.0 released
2026-03-20
CVE-2026-32875 and CVE-2026-32874 published
2026-03-22
Articles published detailing vulnerabilities and updates

Community

Browse all →